Cyber theft and fraud are some of today’s most feared threats for many organizations and companies. This is not hard to believe when thinking of the number of reports the FBI’s Internet Crime Complaint Center receives yearly (approximately 300,000 regarding over $800 million in losses) and the average amount that cyber attacks cost to US companies (more than $15.4 million per year, per the National Initiative for Cybersecurity Careers and Studies). Although the complexity of cyber-attacks continues to escalate, the human factor is still one of the most important elements in the protection of information systems, in the safeguard of the integrity of networks, and in ensuring the defense of proprietary digital information and corporate data so that they do not fall into the hands of malicious hackers, cyber-criminals or even foreign governments. A new generation of cyber security analysts is already in the making to detect attacks and gather and analyze evidence; these professionals will be asked to keep up with ever-changing threats, as criminals diversify their methods.
Cyber Security Analysts can be an asset to any organization for their capability of designing security integration solutions with analytics tools that will aid detection and response to incidents. They utilize behavioral threat assessment tools to consider risks to their organizations’ information systems while also ensuring business continuity and availability of data and services. They identify patterns and expose anomalies that could indicate a cyber attack and then take action, proactively, against malicious events before they develop. Cyber Security Analysts can “truly improve an organization’s security posture” with their know-how and ability to bring data analytics to the forefront to “get a real-time, holistic view of the behavior of the network,” says James Stanger, senior director, products, at CompTIA.
With an expected, substantial increase in the demand for this type of professionals, this is the right time to enter the field. How does an IT professional become a Cyber Security Analyst?
Cyber Security Analysts – How To Be One?
Traditional degrees will always be important to form well-rounded professionals, but more and more practical experience, hands-on training and continuous knowledge updating will be key to the success of a career in InfoSec. Many CSAs, in fact, have degrees in Computer Science or Cyber Security, but relevant work experience, training, and the right certifications are often more important in securing a job in this growing field.
To set the baseline standards for required knowledge and to aid in defining what the duties and responsibilities of this fairly new figure should be, CompTIA, on Feb. 20, 2017, launched the Cybersecurity Analyst (CSA+) certification. The new international, vendor-neutral cyber security cert focuses on the application of behavioral analytics to improve the overall state of IT security. Professionals are tested on proper configuration of threat detection tools and on performing data analysis and interpreting results to identify possible vulnerabilities, threats, and risks to an organization. The CompTIA’s CSA+ certification sets the benchmarks for what a cyber security analyst has to know to mitigate the damage of a threat by implementing network monitoring tools and interpret data to put, then, into context and use to devise a response strategy.
A certification focused on these topics is helpful in setting standards for a new skilled workforce. CompTIA’s research report, Practices of Security Professionals, which sought the answers from 500 U.S.-based cyber security practitioners, discovered that “two-thirds of those polled said the way to remedy security skills gaps in their organizations was by training existing employees.” The study also found that “organizations are seeking cyber security professionals certified for entirely new skill sets, such as Identity and Access Management (IAM) and Data Loss Prevention (DLP).”
According to CompTIA. There are several reasons for choosing a CSA+ certification:
- CSA+ certified skills are in-demand, as per the U.S. Bureau of Labor Statistics (BLS) that predicts that information security analysts will be the fastest growing overall job category, with 37 percent overall growth between 2012 and 2022.
- CSA+ is globally recognized and is ANSI/ISO/IEC 17024 accredited. Meanwhile, the credential is pending U.S. Department of Defense approval to meet directive 8140/8570.01-M.
- CSA+ provides substantial earnings potential, according to the Bureau of Labor Statistics, with the median pay for an information security analyst being $90,120 per year.
- CSA+ is industry supported, and its content is based on a combination of industry-wide survey feedback and contributions from subject matter experts.
Getting CSA+ Certified
While there is no required prerequisite, CSA+ is intended to follow CompTIA Network+, Security+ or build on equivalent experience. The CompTIA Cybersecurity Analyst (CSA+) exam, in fact, has a technical, hands-on focus. Those who earn the cert will demonstrate an understanding of specific security issues including the ability to analyze results of network reconnaissance and to use cybersecurity tools and technologies for responses and countermeasures. In particular, as mentioned in the official website, the CompTIA Cybersecurity Analyst+ certifies knowledge of a data-driven approach to information security and verifies that successful candidates do have the skills required to configure and use threat detection tools and processes to identify, contain, mitigate and remediate vulnerabilities. Those who prepare for the test can refresh/gain behavioral analytics skills to perform vulnerability analysis and remediation across IT infrastructures and platforms to ensure confidentiality, integrity, and availability (CIA) by work centers’ information assurance and security policies, procedures, and guidelines.
CompTIA also states that their new CSA+ certification bridges the skills gap between CompTIA Security+ and the CompTIA Advanced Security Practitioner (CASP) exam to create a vendor-neutral cyber security career pathway for IT security pros. While Security+ gives general cyber security knowledge and skills, both CSA+ and CASP, with a different focus, are considered intermediate and advanced level certifications respectively and do address the growing need for specialization that cyber security now requires of professionals.
In fact, as Jim Lucari, Senior Manager of Certification at HP Enterprise, says “Data analytics is key “and “everybody in technology should have this CSA+. It should be mandatory if you are going to stay in IT over the coming decade.” The CompTIA Cybersecurity Analyst (CSA+) certification is built to mirror the current job roles of security analyst professionals at the intermediate level. More than other certifications, it seems to be strictly linked to the job market and the new requirements created by advances in InfoSec.
What to Expect from the CSA+ Exam and How to Prepare
Exam code: CS0-001 (effective: February 15, 2017). This exam consists of a maximum of 85 multiple choice and performance-based questions with 165 minutes to complete it. Topics include prevention, detection and opposing cybersecurity threats and, in particular, malware, and advanced persistent threats (APTs). Passing score: 750 (on a scale of 100-900). The price of exam: $320.00. Prerequisites for the exam: CSA+ is intended to follow CompTIA Security+ or equivalent experience. The retirement of exam: it is still to be determined, although it is usually three years after launch.
Ethical Hacking Training – Resources (InfoSec)
Before embarking on the certification process and attempting to pass the CSA+ exam, analysts should have three to four years of hands-on information security or related experience. Study material is available online and includes, for example, the CertMaster for CompTIA Cybersecurity Analyst (CSA+), which is slated to be released by the end of June 2017. This is an online course that will cover the following topics: Threat Management, Vulnerability Management, Cyber-Incident Response, Security and Architecture Tool Sets. CertMaster for CompTIA CSA+ maps directly to the CompTIA CSA+ CS0-001 learning objectives and helps students quickly assesses what they know, so that they can focus only on filling knowledge gaps or use the material for a general overview of all topics. The study companion consists of 720 total number of questions available in desktop and mobile versions. This online tool combined with the CompTIA Cybersecurity Analyst (CSA+) Cert Guide, Premium Edition eBook and Practice Test (Published Jun 26, 2017, by Pearson IT Certification), is designed to help learners craft their final study plan.
CSA+ Salary and Job Outlook
Cyber Security Analyst jobs are expected to be in great demand in the next few years. In fact, according to the U.S. Bureau of Labor Statistics (BLS), occupation is projected to grow 18 percent from 2014 to 2024, much faster than the average for all occupations. In the United States, a major employer will be the government that is expected to increase the number of cyber-savvy professionals on its payroll by the thousands; in 2015, for example, the Department of Defense announced to be ready to hire up to 3,000 information security professionals to be part of the U.S. Cyber Command. However, cyber security analysts will also be in high demand in industries like healthcare, finance, insurance, education and wherever sensitive data need to be protected. According to Emsi’s Alumni Insight analysis, most of the 100,000 cyber security analysts currently part of the IT workforce have secured jobs in renowned companies, including IBM, Lockheed Martin, Booz Allen Hamilton, and Northrop Grumman. In 2016, an average of 32,000 job postings was reserved to these professionals, and many were for large companies like Oracle, Deloitte, and General Dynamics.
CSA+ job credential holders can be important IT team members being the first line of defense in diminishing cyber threats and this certification is often a preferential title even for many entry-level positions. According to PayScale, “a Cyber Security Analyst earns an average salary of $75,118 per year” at an entry-level while others can earn as much as $124,357 with mid-career experience. Of the many skills, these professionals have to demonstrate, those that have a direct impact on the pay include experience in Security Testing and Auditing, strong familiarity with Security Policies and Procedures as well as Security Intrusion Detection.
According to BLS, instead, information security analysts have an average annual wage of $92,600 as of 2016. The top 10% had earnings of more than $147,290, and wages were higher for professionals in management, scientific, and technical consulting services. Of course, figures vary according to geographical location, industry, and experience. Even so, Certified CSA+ pros might be offered higher salaries than non-certified counterparts or might be able to secure higher positions.
Given the highly competitive employment market for skilled IT security professionals, there are many reasons to get a Cyber Security Certification to assure a “pathway to a different (and better) employment situation,” explains
cybersecuritycourse.net. “Even if certification is not the strongest factor in getting you hired, it will get your resume to the top of the stack!”
Professionals looking to gain IT security analyst skills might find the CompTIA CSA+ be the right certification to achieve cyber security mastery and to grow in a career in high demand. Certifications like the CSA+ make cyber professionals more marketable to employers as they validate foundation-level knowledge and skills necessary for a successful career in the field.
Anderson, S. (2017, February 15). Help Wanted: 1.8 Million Cybersecurity Professionals. Retrieved from http://www.tmcnet.com/sectors/security/articles/429647-help-wanted-18-million-cybersecurity-professionals.htm
Bradley, T. (2015, June 23). Gap in cybersecurity knowledge creates challenges for organizations. Retrieved from http://www.csoonline.com/article/2939028/security-leadership/gap-in-cybersecurity-knowledge-creates-challenges-for-organizations.html
Burrow, G. (2017, April 3). The Critical Demand for Cybersecurity Analysts. Retrieved from http://www.economicmodeling.com/2017/04/03/critical-demand-cybersecurity-analysts/
CompTIA, Inc. (2017, February 20). Addressing Global Cybersecurity Challenge, CompTIA Unveils Groundbreaking Certification. Retrieved from https://www.comptia.org/about-us/newsroom/press-releases/2017/02/20/addressing-global-cybersecurity-challenge-comptia-unveils-groundbreaking-certification
CompTIA, Inc. (n.d.). CompTIA Cybersecurity Analyst (CSA+) Certification Exam Objectives Version 1.0 (Exam Number: CS0-001). Retrieved from https://swlasecurity.files.wordpress.com/2017/02/comptia-cybersecurity-analyst-cs0-001-objectives.pdf
CompTIA, Inc. (n.d.). CompTIA CSA+. Retrieved from https://certification.comptia.org/certifications/cybersecurity-analyst
CyberDegrees.org. (n.d.). A Guide to Cyber Security Certifications. Retrieved from http://www.cyberdegrees.org/resources/certifications/
Cybersecuritycourse.net. (n.d.). Why Get a Cyber Security Certification? Retrieved from https://www.cybersecuritycourse.net/jobs/why-get-cyber-security-certification
Dishman, L. (2016, July 27). The Most Critical Skills Gap: Cybersecurity. Retrieved from https://www.fastcompany.com/3062210/the-most-critical-skills-gap-cybersecurity
Gilheany, T. (2016, October 24). IT Security Professionals Need Advanced Skills Training to Combat Threats. Retrieved from http://www.cybersecuritytrend.com/topics/cyber-security/articles/426377-it-security-professionals-need-advanced-skills-training-combat.htm
GuideToCybersecurity.com. (n.d.). Cyber Security Job Outlook. Retrieved from http://guidetocybersecurity.com/cybersecurity-careers/cybersecurity-job-outlook/
McCraw, D. B. (2017, March 27). CompTIA Cybersecurity Analyst (CSA+): Your Questions Answered. Retrieved from https://certification.comptia.org/it-career-news/post/view/2017/03/27/comptia-csa-your-questions-answered
PayScale, Inc. (n.d.). Cyber Security Analyst Salary. Retrieved from http://www.payscale.com/research/US/Job=Cyber_Security_Analyst/Salary
Pearson Education, Pearson IT Certification. (n.d.). CompTIA Cybersecurity Analyst (CSA+) Cert Guide. Retrieved from http://www.pearsonitcertification.com/store/comptia-cybersecurity-analyst-csa-plus-cert-guide-9780789756954
Seals, T. (2017, February 20). CompTIA Unveils Cyberanalyst Certification. Retrieved from https://www.infosecurity-magazine.com/news/comptia-unveils-cyberanalyst/
Stern, M. (2016, October 21). New CompTIA Certification Sets Standards for Cybersecurity Analytics. Retrieved from https://certification.comptia.org/it-career-news/post/view/2016/10/21/new-comptia-certification-sets-standards-for-cybersecurity-analytics
Tsai, P. (2016, June 29). Cybersecurity skills gap? Most organizations lack IT security experts. Retrieved from https://community.spiceworks.com/topic/1618495-cybersecurity-skills-gap-most-organizations-lack-it-security-experts